unbound fail after upgrade Ubuntu from 17.10 to 18.04

Phil Pennock unbound-users+phil at spodhuis.org
Mon Apr 30 07:46:34 UTC 2018 

On 2018-04-29 at 20:54 +0200, Bernard Drozd via Unbound-users wrote:
> I have an issue with Unbound after upgrading Ubuntu from 17.10 to 18.4.

My commiserations.  I just got through getting Unbound working on a
clean 18.04 install.

> Currently Unbound doesn’t work and I receive message:
> 
> ela at akacja:~$ sudo systemctl status unbound

> Please advice what to do. 

1. Run: journalctl -u unbound
   See what appears in Unbound's logs, fix it
2. Run: unbound -d
   See where it fails.

If you need to restart and a simple restart doesn't help, then don't
forget to clear systemd's failed state tracking.

  systemctl reset-failed unbound
  systemctl restart unbound

If the problem is that the address is already in use, then you're
hitting systemd's built-in resolver, systemd-resolved.

First, see if systemd-resolved will meet your needs.  If you try
fighting systemd, then you'll need to set yourself up to _keep_
fighting.  It's like a politician trying to get bad legislation through:
it'll keep trying, pushing, applying pressure, wearing you down.  Just
surrender if you can, it's likely not worth your energy to fight it.

If you're prepared to see what's going to need to be repaired on each
and every future OS upgrade, now that systemd demands that it controls
DNS, and if you need it, then here's what I did.  (For me: I have stuff
running in EC2, the upstream resolvers break DNSSEC, I have Unbound
configured to point "internal." and "amazonaws.com." at those resolvers,
but handle all other domains itself, bypassing the DNSSEC-breaking EC2
resolver service).

The NetworkManager config is _probably_ unneeded, because NM isn't
AFAICT running on a server install.  I put it in as a defensive measure.
I'm blinking a bit at being able to get away with manually creating
/etc/resolv.conf and not having "something" in a Linux system decide it
has the right to blow it away, but ... so far, it's working.

--------------------------8< "setup-script >8---------------------------
# Not sure if this is used even
cat > /etc/NetworkManager/NetworkManager.conf <<'EONM'
[main]
dns=unbound
EONM

systemctl enable unbound
systemctl start unbound
systemctl stop systemd-resolved
systemctl disable systemd-resolved

cat > /etc/resolv.conf <<'EORESOLV'
nameserver 127.0.0.1
EORESOLV

systemctl enable unbound-resolvconf
--------------------------8< "setup-script >8---------------------------

And on that note, I hope to spend a while not touching this nonsense and
sticking to my nice cooperative FreeBSD systems.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 996 bytes
Desc: Digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180430/1218d936/attachment.bin>

More information about the Unbound-users mailing list